Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] [platform-dev] Eclipse Foundation public PGP key?

Hi Mickael,

On Fri, 23 Apr 2021 at 08:32, Mickael Istria <mistria@xxxxxxxxxx> wrote:
Hi all,

Thanks to Mikael (Barbero) for encouraging exclusion of any automated form of trust at the moment, we're making some concrete progress here:
* artifacts provider can now attach PGP signatures to the p2 metadata and p2 will ensure all those signatures are correct for the given artifact when downloading it; installation will fail early if a signature is incorrect. For the moment, public keys for verification current are also to be placed in p2 metadata.

In the above link, what is the difference between artifact metadata and artifact repository? I feel like I am missing knowledge of some of the terminology.


Back to the top